Enable package lock for C# projects and configure dependabot (#89)

skarllot · Jan 7, 2024 · 3e7dc0e · 3e7dc0e
1 parent 003ba5c
commit 3e7dc0e
Show file tree

Hide file tree

Showing 19 changed files with 10,401 additions and 27 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -7,6 +7,8 @@ version: 2
 updates:
   - package-ecosystem: "nuget"
     directory: "/"
+    reviewers:
+      - skarllot
     schedule:
       interval: "daily"
     groups:
@@ -31,13 +33,19 @@ updates:
         update-types: ["version-update:semver-major"]
   - package-ecosystem: "github-actions"
     directory: "/"
+    reviewers:
+      - skarllot
     schedule:
       interval: "daily"
   - package-ecosystem: "docker"
     directory: "/"
+    reviewers:
+      - skarllot
     schedule:
       interval: "daily"
   - package-ecosystem: npm
     directory: "/docs/"
+    reviewers:
+      - skarllot
     schedule:
       interval: "daily"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -14,11 +14,11 @@ name: "CodeQL"
 on:
   push:
     branches: [ "main" ]
-    paths: [ "*.props", "src/**/*.cs", "src/**/*.csproj", "src/**/*.props", "tests/**/*.cs", "tests/**/*.csproj", "tests/**/*.props" ]
+    paths: [ "src/**/packages.lock.json", "src/**/*.cs", "tests/**/packages.lock.json", "tests/**/*.cs" ]
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ "main" ]
-    paths: [ "*.props", "src/**/*.cs", "src/**/*.csproj", "src/**/*.props", "tests/**/*.cs", "tests/**/*.csproj", "tests/**/*.props" ]
+    paths: [ "src/**/packages.lock.json", "src/**/*.cs", "tests/**/packages.lock.json", "tests/**/*.cs" ]
   schedule:
     - cron: '28 20 * * 1'
 
@@ -61,7 +61,7 @@ jobs:
       uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
       with:
         path: ~/.nuget/packages
-        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
         restore-keys: ${{ runner.os }}-nuget-
 
     # Initializes the CodeQL tools for scanning.
@@ -76,8 +76,11 @@ jobs:
         # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
 
+    - name: Restore dependencies
+      run: dotnet restore --locked-mode
+
     - name: Build
-      run: dotnet build -c Release
+      run: dotnet build --no-restore -c Release
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12

diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml
@@ -23,37 +23,38 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Harden Runner
+    - name: 🛡️ Harden Runner
       uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
       with:
         egress-policy: audit
 
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+    - name: 🛒 Checkout
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       with:
         fetch-depth: 0
 
-    - name: Setup .NET
+    - name: 🧰 Setup .NET
       uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
       with:
         dotnet-version: 6.0.x
 
-    - name: Setup NuGet cache
+    - name: 🗃️ Setup NuGet cache
       uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
       with:
         path: ~/.nuget/packages
-        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
         restore-keys: ${{ runner.os }}-nuget-
 
-    - name: Restore dependencies
-      run: dotnet restore
+    - name: 📥 Restore dependencies
+      run: dotnet restore --locked-mode
 
-    - name: Build
+    - name: 🏗️ Build
       run: dotnet build --no-restore
 
-    - name: Test
+    - name: ✅ Test
       run: dotnet test --no-build --verbosity normal /p:CollectCoverage=true /p:CoverletOutputFormat=opencover
 
-    - name: Upload coverage reports to Codecov
+    - name: ☂️ Upload coverage reports to Codecov
       uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
       env:
         CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/mutation-test.yml b/.github/workflows/mutation-test.yml
@@ -6,10 +6,10 @@ name: Mutation Test
 on:
   push:
     branches: [ "main" ]
-    paths: [ "*.props", "src/**/*.cs", "src/**/*.csproj", "src/**/*.props", "tests/**/*.cs", "tests/**/*.csproj", "tests/**/*.props" ]
+    paths: [ "src/**/packages.lock.json", "src/**/*.cs", "tests/**/packages.lock.json", "tests/**/*.cs" ]
   pull_request:
     branches: [ "main" ]
-    paths: [ "*.props", "src/**/*.cs", "src/**/*.csproj", "src/**/*.props", "tests/**/*.cs", "tests/**/*.csproj", "tests/**/*.props" ]
+    paths: [ "src/**/packages.lock.json", "src/**/*.cs", "tests/**/packages.lock.json", "tests/**/*.cs" ]
 
 env:
   DOTNET_GENERATE_ASPNET_CERTIFICATE: false
@@ -25,44 +25,45 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Harden Runner
+      - name: 🛡️ Harden Runner
         uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: 🛒 Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
-      - name: Setup .NET
+      - name: 🧰 Setup .NET
         uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
         with:
           dotnet-version: 6.0.x
 
-      - name: Setup NuGet cache
+      - name: 🗃️ Setup NuGet cache
         uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: ~/.nuget/packages
-          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
           restore-keys: ${{ runner.os }}-nuget-
 
-      - name: Stryker
+      - name: 🧬 Stryker
         run: |
           dotnet tool restore
           dotnet stryker -f .config/stryker-config.json -O StrykerOutput --dashboard-api-key ${{ secrets.STRYKER_DASHBOARD_API_KEY }} -v main
         if: github.event_name != 'pull_request'
 
-      - name: Stryker (Diff)
+      - name: 🧬 Stryker (Diff)
         run: |
           dotnet tool restore
           dotnet stryker -f .config/stryker-config.json -O StrykerOutput -r html -r markdown --since:main
         if: github.event_name == 'pull_request'
 
-      - name: Upload Mutation Report
+      - name: 📤 Upload Mutation Report
         uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
         with:
           name: mutation-report
           path: StrykerOutput/reports
 
-      - name: Mutation Test Summary
+      - name: 📓 Mutation Test Summary
         run: cat StrykerOutput/reports/mutation-report.md >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
@@ -38,11 +38,17 @@ jobs:
         uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
         with:
           path: ~/.nuget/packages
-          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/*.props') }}
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
           restore-keys: ${{ runner.os }}-nuget-
 
+      - name: 📥 Restore dependencies
+        run: dotnet restore --locked-mode
+
+      - name: 🏗️ Build
+        run: dotnet build --no-restore -c Release
+
       - name: 📦 Pack
-        run: dotnet pack /p:CI=true /p:PublicRelease=true -c Release
+        run: dotnet pack /p:CI=true /p:PublicRelease=true --no-build -c Release
 
       - name: 🚀 Publish
         run: dotnet nuget push "artifacts/*.nupkg" -s https://api.nuget.org/v3/index.json -k ${{ secrets.NUGET_APIKEY }} --skip-duplicate
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -5,6 +5,7 @@
     <AssemblyName>$(RootNamespace)</AssemblyName>
     <SolutionDir Condition="'$(SolutionDir)' == ''">$(MSBuildThisFileDirectory)</SolutionDir>
     <PackageOutputPath>$(SolutionDir)artifacts</PackageOutputPath>
+    <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
     <LangVersion>10</LangVersion>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>